Attackers often use drive-by downloads to attempt to infect innocent computers with malware. A drive-by download may be any type of download that happens without the knowledge of a user. Drive-by downloads may download spyware, computer viruses, or various other types of malware to a user's computer without the user's knowledge.
To evade detection and increase the ability to infect others' computers, attackers who use drive-by downloads may inject iframes in legitimate websites. These iframes, which may be so small that the user does not notice them, may load a source website that performs a drive-by download. Thus, a user visiting a legitimate website may be attacked by a drive-by download.
Traditional anti-malware technologies may block legitimate websites that have been compromised as described above. But these anti-malware technologies have several disadvantages. For example, attackers may infect numerous websites with iframes that point to a single source, and the anti-malware technology may block some, but not all, of the compromised websites that point to the source. Another disadvantage of traditional anti-malware technologies is that they do not distinguish between compromised websites and source websites. Thus, these technologies may block a compromised website while the underlying problem—the source website—may not be blocked.